From 24089881309d472c6687cfb0ae4e5dd6049a3e53 Mon Sep 17 00:00:00 2001 From: flawedworld Date: Sat, 11 Sep 2021 00:11:23 +0000 Subject: [PATCH] Add section on how to get banking apps to work. --- static/usage.html | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/static/usage.html b/static/usage.html index 1e80225c..2220f62d 100644 --- a/static/usage.html +++ b/static/usage.html @@ -93,6 +93,7 @@
  • Limitations
    • +
  • Using banking apps
    • @@ -767,6 +768,23 @@ activity. We'll need to make a tiny app providing a way to launch it.

    + +
    +

    Using banking apps

    + +

    Some banking apps on GrapheneOS will work fine in any configuration of the operating + system, however due to apps requiring the usage of the Google SafetyNet API, which is only + present if the sandboxed Google Play Services are installed, they may fail to launch. Apps + can mandate that they require the "CTS Profile" check to pass, or the weaker, + "basicIntegrity" check, both of which are provided by the SafetyNet API. The latter + will pass on GrapheneOS but the former will not. App developers could instead use the standard + Android hardware attestation API which provides far stronger assurance on GrapheneOS to verify the + integrity of the operating system by following our guide here. Some banking apps + will attempt to use ptrace as a crude form of debug prevention which fails when the user + disables the "Enable Native Debugging" toggle in Settings, in the Security menu. It is + suggested to try with this toggle enabled and then with the sandboxed Google Play Services + installed if your app does not work.

    +